Add Twiist

charts/tidepool/charts/auth/templates/1-deployment.yaml

@@ -8,8 +8,8 @@ metadata:
   name: auth
   namespace: {{.Release.Namespace}}
   annotations:
-    secret.reloader.stakater.com/reload: "server,{{ .Values.mongo.secretName }},abbott,dexcom,auth"
-    configmap.reloader.stakater.com/reload: "abbott,dexcom"
+    secret.reloader.stakater.com/reload: "server,{{ .Values.mongo.secretName }},abbott,dexcom,auth,twiist"
+    configmap.reloader.stakater.com/reload: "abbott,dexcom,twiist"
 {{ if .Values.deployment.annotations }}
     {{- .Values.deployment.annotations | toYaml | nindent 4 }}
 {{- end }}
@@ -134,6 +134,54 @@ spec:
               name: dexcom
               key: StateSalt
               optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_TWIIST_AUTHORIZE_URL
+          valueFrom:
+            configMapKeyRef:
+              name: twiist
+              key: AuthorizeURL
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_TWIIST_REDIRECT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: twiist
+              key: RedirectURL
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_TWIIST_TOKEN_URL
+          valueFrom:
+            configMapKeyRef:
+              name: twiist
+              key: TokenURL
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_TWIIST_JWKS_URL
+          valueFrom:
+            configMapKeyRef:
+              name: twiist
+              key: JWKSURL
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_TWIIST_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: twiist
+              key: ClientID
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_TWIIST_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: twiist
+              key: ClientSecret
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_TWIIST_STATE_SALT
+          valueFrom:
+            secretKeyRef:
+              name: twiist
+              key: StateSalt
+              optional: true
+        - name: TIDEPOOL_TWIIST_SERVICE_ACCOUNT_IDS
+          valueFrom:
+            configMapKeyRef:
+              name: twiist
+              key: ServiceAccountIDs
+              optional: true
         - name: TIDEPOOL_AUTH_SERVICE_DOMAIN
           value: {{ .Values.global.gateway.default.domain }}
         - name: TIDEPOOL_AUTH_SERVICE_SERVER_ADDRESS

charts/tidepool/charts/auth/templates/4-routetable.yaml

@@ -133,4 +133,12 @@ spec:
       single:
         upstream:
           name: auth
+  - matchers:
+    - methods:
+      - DELETE
+      regex: /v1/partners/twiist/links/[^/]+
+    routeAction:
+      single:
+        upstream:
+          name: auth
 {{- end }}

charts/tidepool/charts/data/templates/1-deployment.yaml

@@ -111,6 +111,12 @@ spec:
               name: abbott
               key: PartnerURL
               optional: true
+        - name: TIDEPOOL_TWIIST_SERVICE_ACCOUNT_IDS
+          valueFrom:
+            configMapKeyRef:
+              name: twiist
+              key: ServiceAccountIDs
+              optional: true
         - name: TIDEPOOL_DATA_SERVICE_SECRET
           valueFrom:
             secretKeyRef:

charts/tidepool/charts/data/templates/4-routetable.yaml

@@ -429,4 +429,5 @@ spec:
       single:
         upstream:
           name: data
+  weight: 10
 {{- end }}

charts/tidepool/charts/twiist/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/tidepool/charts/twiist/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: twiist
+version: 0.1.0
+home: https://github.com/tidepool-org/development/charts

charts/tidepool/charts/twiist/README.md

@@ -0,0 +1,24 @@
+# twiist
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
+
+A Helm chart for Kubernetes
+
+**Homepage:** <https://github.com/tidepool-org/development/charts>
+
+## Values
+
+| Key                       | Type | Default | Description                                     |
+|---------------------------|------|---------|-------------------------------------------------|
+| configmap.enabled         | bool | `false` | whether to generate a configmap                 |
+| configmap.redirectURL     | string | `""` | OAuth2 redirect URL                             |
+| configmap.tokenURL        | string | `""` | OAuth2 token URL                                |
+| configmap.authorizeURL    | string | `""` | OAuth2 authorization URL                        |
+| configmap.jwksURL         | string | `""` | jwks URL                                        |
+| configmap.scopes          | string | `""` | OAuth2 scopes                                   |
+| secret.enabled            | bool | `false` | whether to create a secret                      |
+| secret.data_.clientId     | string | `""` | plaintext OAuth2 client id                      |
+| secret.data_.clientSecret | string | `""` | plaintext OAuth2 client secret                  |
+| secret.data_.stateSalt    | string | `""` | plaintext OAuth2 state salt                     |
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.3.0](https://github.com/norwoodj/helm-docs/releases/v1.3.0)

charts/tidepool/charts/twiist/templates/0-configmap.yaml

@@ -0,0 +1,20 @@
+{{ if .Values.configmap.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: twiist
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "charts.labels.standard" . }}
+data:
+{{ if .Values.configmap.redirectURL }}
+  RedirectURL: {{ .Values.configmap.redirectURL }}
+{{ else }}
+  RedirectURL: "{{include "charts.host.api" .}}/v1/oauth/twiist/redirect"
+{{ end }}
+  TokenURL: {{ .Values.configmap.tokenURL | default "" }}
+  AuthorizeURL: {{ .Values.configmap.authorizeURL | default "" }}
+  JWKSURL: {{ .Values.configmap.jwksURL | default "" }}
+  Scopes: {{ .Values.configmap.scopes | default "" }}
+  ServiceAccountIDs: {{ .Values.configmap.serviceAccountIDs | default "" }}
+{{ end }}

charts/tidepool/charts/twiist/templates/0-secret.yaml

@@ -0,0 +1,15 @@
+{{ if .Values.secret.enabled -}}
+---
+apiVersion: v1
+{{ with .Values.secret.data_ -}}
+data:
+  ClientID: {{ .clientId | default "" | b64enc | quote }}
+  ClientSecret: {{ .clientSecret | default "" | b64enc | quote }}
+  StateSalt: {{ .stateSalt | default "" | b64enc | quote }}
+{{- end }}
+kind: Secret
+metadata:
+  name: twiist
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+{{- end }}

charts/tidepool/charts/twiist/values.yaml

@@ -0,0 +1,14 @@
+configmap:
+  enabled: false
+  redirectURL: ""
+  tokenURL: ""
+  authorizeURL: ""
+  scopes: ""
+  jwksURL: ""
+  serviceAccountIDs: ""
+secret:
+  enabled: false
+  data_:
+    clientId: ""
+    clientSecret: ""
+    stateSalt: ""